[U-Boot] [PATCH] tools: omapimage: fix corner-case in byteswap path

Philipp Tomsich philipp.tomsich at theobroma-systems.com
Mon Dec 4 16:04:02 UTC 2017 

Since commit 2614a208471e ("common: command: tempory buffer should
have size of command line buf"), there have been consistent Travis CI
failures on my builds (interestingly not for Tom, even though building
the same commit id) due to a SEGV in building the byteswapped
omapimage:
     	    arm: pcm051_rev3
     make[2]: *** [MLO.byteswap] Error 139
     	      	  		       ^^^ error code for a SEGV

Turns out that the word-based byte-swapping loop in omapimage.c is to
blame. With the loop condition
       while (swapped <= (sbuf->st_size / sizeof(uint32_t)))
there had been one-too-many iterations for all file sizes divisible by
the sizeof(uint32_t).  I.e. we had 1 iteration for 0 bytes (and also 1
through 3 bytes) and 2 iterations at 4 bytes... clearly overshooting
on 0 and 4 bytes.

This commit fixes the calculation of an up-rounded word-count and
makes sure to keep the zero-based loop-counter below the number of
words to be processed.

References: 2614a20 ("common: command: tempory buffer should have size of command line buf")
Fixes: 79b9ebb ("omapimage: Add support for byteswapped SPI images")
Signed-off-by: Philipp Tomsich <philipp.tomsich at theobroma-systems.com>
Reviewed-by: Martin Elshuber <martin.elshuber at theobroma-systems.com>

---

 tools/omapimage.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tools/omapimage.c b/tools/omapimage.c
index e31b94a..e7c4638 100644
--- a/tools/omapimage.c
+++ b/tools/omapimage.c
@@ -20,6 +20,8 @@
 #include "gpheader.h"
 #include "omapimage.h"
 
+#define DIV_ROUND_UP(n, d)     (((n) + (d) - 1) / (d))
+
 /* Header size is CH header rounded up to 512 bytes plus GP header */
 #define OMAP_CH_HDR_SIZE 512
 #define OMAP_FILE_HDR_SIZE (OMAP_CH_HDR_SIZE + GPIMAGE_HDR_SIZE)
@@ -150,8 +152,10 @@ static void omapimage_set_header(void *ptr, struct stat *sbuf, int ifd,
 		do_swap32 = 1;
 		int swapped = 0;
 		uint32_t *data = (uint32_t *)ptr;
+		const off_t size_in_words =
+			DIV_ROUND_UP(sbuf->st_size, sizeof(uint32_t));
 
-		while (swapped <= (sbuf->st_size / sizeof(uint32_t))) {
+		while (swapped < size_in_words) {
 			*data = cpu_to_be32(*data);
 			swapped++;
 			data++;
-- 
2.1.4

More information about the U-Boot mailing list